why is spam score 0?

pasamsin

Verified User
Joined
Feb 20, 2019
Messages
18
There is no reason to remove the remark // lines in front if your resolv.conf is correct. I would advise to put them back and just restart named.
Yes, now I tried again, when I do nslookup google.com 127.0.0.1 it still responds to queries. I edited it to // again.
 

pasamsin

Verified User
Joined
Feb 20, 2019
Messages
18
Since 8.8.8.8 dns servers are used by everyone, you will be involved in the use of other people and you will have made more than 100,000 queries.
Exactly for that reason. And it is indeed bypassed, maybe they only use the "whitelist" notification to just bypass it, because as we all know, in fact it is -not- on the white list.
How do I fix this problem by doing something different instead of making changes to the /etc/resolve.conf file?
 

pasamsin

Verified User
Joined
Feb 20, 2019
Messages
18
I set up an own DNS server and added it primarily to the resolve.conf file. I would appreciate it if you could provide an alternative solution.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
7,648
Location
Maastricht
At least this way de queries will be done everytime and spam won't get through because queries to RBL's are blocked.
If you're still having issues, I don't know what's going on then.
Like I already stated in post #4, somebody else or staff has to look at why spam is getting through, or you might send in a ticket.
 

pasamsin

Verified User
Joined
Feb 20, 2019
Messages
18
"-5.0 RCVD_IN_DNSWL_HI RBL: Sender listed at https://www.dnswl.org/,
high trust" fixed this problem. I now have a private DNS server.

However, spam still ends up in the inbox.

Code:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from server.server724092.com
    by server.server724092.com with LMTP
    id 2NWGAm7Qx2EPYgAAmRAMGA
    (envelope-from <[email protected]>)
    for <[email protected]>; Sun, 26 Dec 2021 05:16:14 +0300
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Sun, 26 Dec 2021 05:16:14 +0300
Received: from hardstitch.co ([212.193.29.120])
    by server.server724092.com with esmtp (Exim 4.95)
    (envelope-from <[email protected]>)
    id 1n1J51-0006mw-D8
    for [email protected];
    Sun, 26 Dec 2021 05:16:14 +0300
Date: Sat, 25 Dec 2021 21:00:39 -0500
From: "Smart Holder Pro" <[email protected]>
MIME-Version: 1.0
Precedence: bulk
To: <[email protected]>
Subject: Charge and secure your phone while you drive with this futuristic robotic device. It looks like an Elon Musk invention!
Message-ID: <BTKZGMQ5bAEntLB_voJ-5prI[email protected]hardstitch.co>
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 212.193.29.120, -10 Spam score
SPFCheck: Server passes SPF test, -30 Spam score
X-Spam-Score: 4.5 (++++)
X-Spam-Report: Spam detection software, running on the system "server.server724092.com",
    has NOT identified this incoming email as spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    the administrator of that system for details.
    Content preview: Charge and secure your phone while you drive with this futuristic
    robotic device. It looks like an Elon Musk invention! Main advantages: You’ll
    be able to save on fines and drive more safely. Automatically charges your
    mobile phone while driving without the need for cables Automatic robotic
    phone clamp so you won’ [...]
    Content analysis details: (4.5 points, 5.0 required)
    pts rule name description
    ---- ---------------------- --------------------------------------------------
    1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
    [URIs: teamsave.money]
    1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL
    blocklist
    [URIs: teamsave.money]
    0.1 URIBL_SBL_A Contains URL's A record listed in the Spamhaus SBL
    blocklist
    [URIs: www.teamsave.money]
    -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
    -0.0 SPF_PASS SPF: sender matches SPF record
    0.0 HTML_MESSAGE BODY: HTML included in message
    0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
    tag
SpamTally: Final spam score: 5
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus


Code:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from server.server724092.com
    by server.server724092.com with LMTP
    id 8EYqMrqrx2EGUwAAmRAMGA
    (envelope-from <[email protected]>)
    for <[email protected]>; Sun, 26 Dec 2021 02:39:38 +0300
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Sun, 26 Dec 2021 02:39:38 +0300
Received: from sunpriority.co ([212.193.29.111])
    by server.server724092.com with esmtp (Exim 4.95)
    (envelope-from <[email protected]>)
    id 1n1GdT-0005WZ-VG
    for [email protected];
    Sun, 26 Dec 2021 02:39:38 +0300
Date: Sat, 25 Dec 2021 18:20:48 -0500
From: "Skincell 2 (skin tag)" <[email protected]>
MIME-Version: 1.0
Precedence: bulk
To: <[email protected]>
Subject: Mole & Skin Tag Remover That Naturally Eliminates In 8 Hours Biggest Deal In History
Message-ID: <NBDVFQCKxLwCtoah_YPeEOod[email protected]sunpriority.co>
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Forward-Confirmed-ReverseDNS: Reverse and forward lookup success on 212.193.29.111, -10 Spam score
SPFCheck: Server passes SPF test, -30 Spam score
X-Spam-Score: 2.4 (++)
X-Spam-Report: Spam detection software, running on the system "server.server724092.com",
    has NOT identified this incoming email as spam. The original
    message has been attached to this so you can view it or label
    similar future email. If you have any questions, see
    the administrator of that system for details.
    Content preview: Mole & Skin Tag Remover That Naturally Eliminates In 8 Hours
    Biggest Deal In History It was the most watched episode in history when sisters
    Anna and Samantha Martin from Quebec won over the investor panel. Never before
    had the judging panel unanimously decided to each invest over a m [...]
    Content analysis details: (2.4 points, 5.0 required)
    pts rule name description
    ---- ---------------------- --------------------------------------------------
    1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
    [URIs: raidgift.cards]
    -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
    [212.193.29.111 listed in wl.mailspike.net]
    -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
    -0.0 SPF_PASS SPF: sender matches SPF record
    0.0 HTML_MESSAGE BODY: HTML included in message
    0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
    tag
    0.0 LOTS_OF_MONEY Huge... sums of money
SpamTally: Final spam score: -16
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
7,648
Location
Maastricht
However, spam still ends up in the inbox.
As you can see, it just doesn't reach the limit. It gets to 4.5 while 5.0 is required to be noted as spam.
You could lower the spam threshold, however, in that case with 4.5 you might get legit mail also seen as spam.

In cases I get spam through my spamfolder I just report those as spam at Spamcop and often that helps. However, in the beginning reporting can cause more spam, and sometimes you need to deselect some adresses the spam is reported to. That last part takes a bit of a learning curve.
 

pasamsin

Verified User
Joined
Feb 20, 2019
Messages
18
Got it, I set the custom threshold to 2. It will now catch more spam. When I look at the spam messages, they all get a grade above 2.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
7,648
Location
Maastricht
That is very low. You have to check very well because now the chance is very big that legitimate mail will be treated as spam too.
 

pasamsin

Verified User
Joined
Feb 20, 2019
Messages
18
I checked the source text of dozens of emails. The ones I've checked all score X-Spam-Score: 2.4 (++) and above.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
7,648
Location
Maastricht
Oke I hope you're right, but if legitimate mail starts dissapearing, you know where to start looking. ;)
 
Top